Mp3codec.exe Is Not a Codec

In yet another Marguerite-esque scheme, a file being presented as an mp3 codec is not a codec. Not surprisingly, the file turning up in the ThreatFire community is related to crack sites and p2p networks.

When run, this little fsg packed executable crashes. Before it does, it sends information to a web server about the user’s workstation, and injects an adware component into explorer.exe. Always exercise caution around these sorts of networks. We’ll post more details here soon.